Re: Disable unhashed#user#password altogether

Lucas Sweany <lsweany@xxxxxxxxxx> · Tue, 22 May 2012 15:19:51 -0700

Well I definitely don't need that. It looks like I will end up writing a script to delete or overwrite the attribute for now.

Thanks,

-Lucas

On Tue, May 22, 2012 at 3:12 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:

    On 05/22/2012 04:09 PM, Lucas Sweany wrote:
    I am syncing from an AD domain one way (onewaysync:
      fromWindows), and using the Password Sync service on the domain
      controllers. Perhaps the Password Sync service requires the
      attribute?  

    No.  You only need it if you sync passwords _to_ AD - AD requires
    the clear text password.

    Even if so, it would be nice if the plain text
      attribute were to go away once the password hash was stored.

      -Lucas

      On Tue, May 22, 2012 at 2:54 PM, Rich
        Megginson <rmeggins@xxxxxxxxxx>
        wrote:

             On 05/22/2012 03:32 PM, Lucas Sweany wrote:
              Is there a way to prevent the
                unhashed#user#password attribute from being stored or
                used at all? I don't need it to be replicated
                anywhere--I presume that the hashed password will be
                enough to authenticate users.

            Unless you need to use Windows Sync, yes.  If you plan to
            use Windows Sync you'll have to replicate the
            unhashed#user#password to the server that has the windows
            sync agreement.

                Thanks,

                -Lucas

                --
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users